How to use Okta custom SAML app as an IdP for Azion Console

The Okta Identity Provider (IdP) is a trusted entity that allows you to enable single sign-on (SSO) to access other sites or services, such as Azion. Your users can continue using their corporate user identities without having to remember a specific password or enter credentials each time they access Azion Console.

When using an IdP, you can choose between two protocols: Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

To set up an Okta custom SAML app as your account IdP for Console, follow the steps below.


Configuring the SAML app on Okta Admin Console

  1. Log into the Okta Admin Console.
  2. On the homepage, under Applications, select Applications.
  3. Click Create App Integration.
  4. On the modal, select the option SAML 2.0 and click Next.
  5. Name the application. Example: Azion SAML.
  6. Click the Next button.
  7. In the General section, fill in the Single sign-on URL field with a temporary URL. The correct URL will be provided later in Azion Console. Example: https://sso.azion.com.
  8. Repeat the previous step for the Audience URI (SP Entity ID) field.
  9. Scroll down to the Attribute Statements section and fill in the fields as follows:
    • Name: email
    • Name format: Basic
    • Value: user.email
  10. Click the Next button.
  11. Fill in the Feedback section as required.
  12. Click the Finish button.
  13. After you’re redirected to your app details, click the Sign On tab.
  14. Under Metadata details, click More details.
  15. Copy the following metadata and paste it into a text editor:
    • Sign on URL, in the format https://account-name.okta.com/app/app-id/sso/saml.
    • Issuer, in the format http://www.okta.com/app-id.
  16. Scroll down to the SAML Signing Certificates section and find the active certificate or generate a new one.
  17. For the active certificate you want to use with Azion Console, click Actions > View IdP metadata.
  18. Copy the value within the XML tag <ds:X509Certificate> and paste it into the text editor.

Configuring the Identity Provider on Azion Console

  1. Log in to Azion Console.

  2. On the upper-right corner of the page, select the avatar menu. This is the Account menu.

  3. Select SSO Management.

  4. Click the Add Identity Provider button and select SAML.

  5. On the Identity Provider page, choose a name that identifies your identity provider. Example: Okta IdP SAML.

  6. Fill in the following fields with the data copied from the Okta Admin Console:

    • Identity provider’s Entity ID URI: add the Issuer URL.
    • Sign-in URL: add the Sign on URL.
    • Certificate: add the downloaded certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
  7. Click Save.

    • You’ll be redirected to the list of identity providers, where you can view all the providers created in your account.

  8. To connect the Console IdP with the Okta custom app, click the three dots on the corner of the IdP card and select Edit.
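
The Certificate field in step 6 expects the BEGIN/END lines, while the <ds:X509Certificate> tag in the IdP metadata holds only the bare base64 value. The Python sketch below is an added example, not part of Azion's or Okta's documentation: it reads a saved copy of the metadata XML, pulls out the Issuer, the Sign on URL and the signing certificate, and wraps the certificate in PEM form. The function name and the sample metadata (placeholder bytes, not a real certificate) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_fields_from_metadata(xml_text):
    """Extract the Console form values from IdP metadata saved from your own Okta app."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    certs = root.findall("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
                         "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if sso is None or len(certs) != 1:
        raise ValueError("expected an SSO endpoint and exactly one signing certificate")
    # The tag holds bare base64 DER, often line-wrapped: strip all whitespace.
    b64 = "".join((certs[0].text or "").split())
    der = base64.b64decode(b64, validate=True)  # raises on non-base64 characters
    if not der:
        raise ValueError("empty certificate value")
    # PEM = header line + base64 in 64-character lines + footer line.
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----"])
    return {"entity_id": root.get("entityID"),      # Issuer
            "sign_in_url": sso.get("Location"),     # Sign on URL
            "certificate_pem": pem,
            # SHA-256 of the DER bytes, for comparing against a fingerprint
            # obtained out of band before trusting the certificate.
            "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder bytes, not a real certificate; URLs use the page's formats.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/app-id">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{SAMPLE_B64[:500]}
   {SAMPLE_B64[500:]}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://account-name.okta.com/app/app-id/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for name, value in idp_fields_from_metadata(SAMPLE_METADATA).items():
        print(f"{name}:\n{value}\n")
```

The function refuses metadata that carries more than one signing certificate, so the certificate pasted into Console is always the one you deliberately selected in Okta.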

Completing the registration of the app on Okta Admin Console

  1. In the Okta Admin Console, access the app created to apply SSO in Azion Console and navigate to the General tab.
  2. Scroll to the SAML Settings section and click Edit.
  3. Click the Next button.
  4. Copy the value of Assertion Consumer Service URL generated by the IdP on Console and paste it into the Single sign-on URL field in Okta.
  5. Copy the value of Service Provider’s Entity ID URI generated by the IdP on Console and paste it into the Audience URI (SP Entity ID) field in Okta.
  6. Click the Next button.
  7. Click the Finish button.

Adding users on the Okta SAML app

  1. In the Okta Admin Console, access the app created to apply SSO in Azion Console and navigate to the Assignments tab.
  2. To assign users to the SAML app, click the dropdown button Assign and select Assign to People.
  3. Click Assign for the users you want to add from the list.
    • The email configured in Okta must be the same email registered for the user in Console.
  4. Click the button Save and Go Back.
  5. Repeat the previous steps for each user that you want to activate the SAML app for Console.

Turning on the Identity Provider on Azion Console

  1. Back on Console, access the SSO Management page.
  2. On the box of the Identity Provider you’ve added, click Activate, turn on identity Origin, and then click Confirm.

Now all the users of the account, except for the Account Owner, will be able to access Console using Okta as the Identity Provider.

